CN107770769A - A kind of encryption method, network side equipment and terminal - Google Patents


Info

Publication number
CN107770769A
Authority
CN
China
Prior art keywords
group
terminal
algorithm
network side
aes
Legal status
Granted
Application number
CN201610672046.7A
Other languages
Chinese (zh)
Other versions
CN107770769B (en)
Inventor
张玲
林秋丽
苏丽芳
由县卫
Current Assignee
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd
Events
Application filed by Datang Mobile Communications Equipment Co Ltd
Priority to CN201610672046.7A
Publication of CN107770769A
Application granted
Publication of CN107770769B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]


Abstract

The invention discloses an encryption method, a network side device and a terminal. In the embodiment of the invention, the network side device determines a group key according to the encryption algorithm capability and the integrity protection algorithm capability of each terminal in a group call service; the group key is used to encrypt air-interface signaling and air-interface data when each terminal in the group call service carries out the group call service. The network side device sends the group key to each terminal in the group call service. The embodiment of the invention can realize an encryption flow in a trunking group call service and thereby ensure the security of air-interface signaling and data services.

Description

Encryption method, network side device and terminal
Technical field
The present invention relates to the field of mobile communications, and in particular to an encryption method, a network side device and a terminal.
Background technology
Long Term Evolution (LTE) networks, as a new wireless mobile communication technology, are widely used. To provide more secure mobile communication services, the security and confidentiality of information transmitted in an LTE network must be ensured.
At present, a point-to-point encryption process is generally used in LTE networks. It is implemented as follows: the terminal itself holds a root key and trusts the Home Subscriber Server (HSS), so the terminal and the HSS share the root key. The HSS and the terminal derive the root key of the evolved Node B (eNB) from the shared root key, and further keys are derived from the eNB root key to encrypt air-interface signaling.
The above point-to-point encryption process is not applicable to a trunking group call service, for the following reason: a trunking group call service requires communication between one terminal and multiple terminals; because each terminal has a different root key, and no key agreement is carried out between the terminals, the HSS cannot derive a key shared by all terminals from the many different root keys.
Therefore, how to realize an encryption flow in a trunking group call service, so as to ensure the security of air-interface signaling and data services, is a problem that urgently needs to be solved.
Summary of the invention
Embodiments of the present invention provide an encryption method, a network side device and a terminal, in order to realize an encryption flow in a trunking group call service and ensure the security of air-interface signaling and data services.
In a first aspect, an embodiment of the present invention provides an encryption method, including:
a network side device determines a group key according to the encryption algorithm capability and the integrity protection algorithm capability of each terminal in a group call service, where the group key is used to encrypt air-interface signaling and air-interface data when each terminal in the group call service carries out the group call service;
the network side device sends the group key to each terminal in the group call service.
In the encryption method provided by this embodiment, the network side device determines the group key according to the encryption algorithm capability and the integrity protection algorithm capability of each terminal in the group call service, which solves the problem that no key can be generated in a trunking group call service.
Specifically, the network side device obtains the security capability carried in the Attach Request message sent by each terminal in the group call service;
the network side device determines, according to the security capability, the encryption algorithm capability and the integrity protection algorithm capability of each terminal in the group call service;
the network side device negotiates, according to the determined encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, an encryption algorithm and an integrity protection algorithm that are supported by every terminal in the group call service;
the network side device determines the group key according to the negotiated encryption algorithm and integrity protection algorithm.
If it is determined that at least one common encryption algorithm and integrity protection algorithm exists among the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, the network side device takes one encryption algorithm and integrity protection algorithm from the at least one common encryption algorithm and integrity protection algorithm as the encryption algorithm and integrity protection algorithm supported by every terminal in the group call service;
if it is determined that no common encryption algorithm and integrity protection algorithm exists among the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, the network side device configures an encryption algorithm and integrity protection algorithm to be supported by every terminal in the group call service.
Where at least two common encryption algorithms and integrity protection algorithms exist, the network side device selects, according to the priority of the at least two common encryption algorithms and integrity protection algorithms, the encryption algorithm and integrity protection algorithm with the highest priority as the encryption algorithm and integrity protection algorithm supported by every terminal in the group call service.
Specifically, the network side device sends the group key to each terminal in the group call service via a non-access stratum (NAS) message.
More specifically, the network side device adds an information element (IE) carrying the group key to the group information update command message contained in the NAS message, and sends the group key to each terminal in the group call service through the group information update command with the added IE.
The network side device adds the IE carrying the group key by adding group information to, deleting group information from, or modifying group information in the group information update command message contained in the NAS message.
In a second aspect, an embodiment of the present invention provides another encryption method, including:
a terminal receives a group key sent by a network side device, where the group key is used to encrypt air-interface signaling and air-interface data when the terminal carries out a group call service;
the terminal encrypts air-interface signaling and data services according to the group key.
In this embodiment, each terminal encrypts air-interface signaling and data services according to the group key it holds, thereby realizing encryption of air-interface signaling and data services in the group call service.
Specifically, the terminal receives the group key sent by the network side device via a non-access stratum (NAS) message.
The terminal receives the group key sent by the network side device through the group information update command message contained in the NAS message, where the group information update command message includes an IE carrying the group key.
In this embodiment, the IE carrying the group key is added by adding group information to, deleting group information from, or modifying group information in the group information update command message, so the dynamic regrouping process that NAS messages already provide can be reused to add the IE carrying the group key, and the group key can be updated in time whenever a group update or a group key update occurs.
In a third aspect, an embodiment of the present invention provides a network side device, including:
a processing unit, configured to determine a group key according to the encryption algorithm and integrity protection algorithm capability of each terminal in a group call service, where the group key is used to encrypt air-interface signaling and air-interface data when each terminal in the group call service carries out the group call service;
a sending unit, configured to send the group key determined by the processing unit to each terminal in the group call service.
Specifically, the processing unit negotiates, according to the encryption algorithm and integrity protection algorithm capability of each terminal in the group call service, the encryption algorithm and integrity protection algorithm supported by every terminal in the group call service as follows:
if it is determined that at least one common encryption algorithm and integrity protection algorithm exists among the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, one encryption algorithm and integrity protection algorithm from the at least one common encryption algorithm and integrity protection algorithm is taken as the encryption algorithm and integrity protection algorithm supported by every terminal in the group call service;
if it is determined that no common encryption algorithm and integrity protection algorithm exists among the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, an encryption algorithm and integrity protection algorithm to be supported by every terminal in the group call service is configured.
The processing unit takes one encryption algorithm and integrity protection algorithm from the at least one common encryption algorithm and integrity protection algorithm as the encryption algorithm and integrity protection algorithm supported by every terminal in the group call service as follows:
if it is determined that at least two common encryption algorithms and integrity protection algorithms exist among the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, the encryption algorithm and integrity protection algorithm with the highest priority is selected, according to the priority of the at least two common encryption algorithms and integrity protection algorithms, as the encryption algorithm and integrity protection algorithm supported by every terminal in the group call service.
Specifically, the sending unit sends the group key to each terminal in the group call service as follows:
the group key is sent to each terminal in the group call service via a non-access stratum (NAS) message, so that the group key can be delivered to the terminals securely and reliably.
More specifically, the sending unit sends the group key to each terminal in the group call service as follows:
an IE carrying the group key is added to the group information update command message contained in the NAS message, and the group key is sent to each terminal in the group call service through the group information update command with the added IE.
The sending unit adds the IE carrying the group key to the group information update command message contained in the NAS message as follows:
the IE carrying the group key is added by adding group information to, deleting group information from, or modifying group information in the group information update command message contained in the NAS message.
In a fourth aspect, an embodiment of the present invention provides a terminal, including:
a receiving unit, configured to receive a group key sent by a network side device, where the group key is used to encrypt air-interface signaling and air-interface data when the terminal carries out a group call service;
an encryption unit, configured to encrypt air-interface signaling and data services according to the group key received by the receiving unit.
Specifically, the receiving unit receives the group key sent by the network side device as follows:
the group key sent by the network side device is received via a non-access stratum (NAS) message.
The receiving unit receives the group key sent by the network side device as follows:
the group key sent by the network side device is received through the group information update command message contained in the NAS message, where the group information update command message includes an IE carrying the group key.
Brief description of the drawings
Fig. 1 is an encryption flow provided by an embodiment of the present invention;
Fig. 2 is a process, provided by an embodiment of the present invention, in which a network side device determines a group key and sends the group key to the terminals;
Fig. 3 is a specific implementation process, provided by an embodiment of the present invention, in which a network side device negotiates the encryption algorithm and the integrity protection algorithm;
Fig. 4 is the NAS message interaction between a network side device and a terminal provided by an embodiment of the present invention;
Fig. 5 shows the content added to the group information update command message provided by an embodiment of the present invention;
Fig. 6 is an encryption flow of a group call service provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a network side device provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of another network side device provided by an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a terminal provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings.
To ensure the security of air-interface signaling and data services between the terminals in a trunking group call service, an encryption flow in the trunking group call service needs to be realized. An embodiment of the present invention provides an encryption flow, shown in Fig. 1:
S10: the network side device determines a group key.
In this embodiment the trunking group call service is taken to include N terminals, N being an integer greater than or equal to 1. The group key described in this embodiment is used to encrypt air-interface signaling and air-interface data when terminal 1, terminal 2, ... terminal N carry out the group call service.
S11: the network side device sends the group key to terminal 1, terminal 2, ... terminal N.
S12: terminal 1, terminal 2, ... terminal N receive the group key sent by the network side device and encrypt air-interface signaling and data services according to the received group key.
Optionally, in this embodiment the network side device may obtain the group key according to the encryption algorithm capability and the integrity protection algorithm capability of terminal 1, terminal 2, ... terminal N.
During the registration flow a terminal typically carries its security capability in the Attach Request message it sends to the core network, and that security capability includes the terminal's encryption algorithm capability and integrity protection algorithm capability. The network side device in this embodiment can therefore determine the encryption algorithm capability and the integrity protection algorithm capability of terminal 1, terminal 2, ... terminal N from the security capability carried in the Attach Request messages they send, and determine the group key according to the capabilities determined for each terminal.
In this embodiment the process in which the network side device determines the group key and sends it to the terminals is shown in Fig. 2 and includes:
S20: each of terminal 1, terminal 2, ... terminal N sends an Attach Request message to the network side device.
S21: after receiving the Attach Request messages carrying the security capability, the network side device determines, according to the security capability, the encryption algorithm capability and the integrity protection algorithm capability of each of terminal 1, terminal 2, ... terminal N.
S22: the network side device negotiates, according to the determined encryption algorithm and integrity protection algorithm capabilities of each terminal, an encryption algorithm and an integrity protection algorithm supported by every terminal.
S23: the network side device determines the group key according to the negotiated encryption algorithm and integrity protection algorithm supported by every terminal.
S24: the network side device sends the group key to each of terminal 1, terminal 2, ... terminal N.
In this embodiment the network side device obtains, by negotiating over the encryption algorithm and integrity protection algorithm capabilities, an encryption algorithm and an integrity protection algorithm supported by every terminal, and then determines the group key according to that algorithm pair, which solves the problem that no key can be generated in a trunking group call service.
In this embodiment the specific process in which the network side device negotiates, according to the encryption algorithm and integrity protection algorithm capabilities of each of terminal 1, terminal 2, ... terminal N, the encryption algorithm and integrity protection algorithm supported by every one of them is shown in Fig. 3 and includes:
The network side device judges whether a common encryption algorithm and integrity protection algorithm exists among the determined encryption algorithm capabilities and integrity protection algorithm capabilities (S30). If none exists, the network side device configures an encryption algorithm and integrity protection algorithm to be supported by every one of terminal 1, terminal 2, ... terminal N (S31). If a common encryption algorithm and integrity protection algorithm exists, the network side device judges how many common encryption algorithms and integrity protection algorithms there are (S32); if there is exactly one, that common encryption algorithm and integrity protection algorithm is taken as the encryption algorithm and integrity protection algorithm supported by every one of terminal 1, terminal 2, ... terminal N (S33). If at least two common encryption algorithms and integrity protection algorithms exist, a priority can be set for them; this embodiment does not limit how the priority is set, for example the network side device may configure it according to a local priority policy. When the network side device determines that at least two common encryption algorithms and integrity protection algorithms exist, it can select, according to their priority, the encryption algorithm and integrity protection algorithm with the highest priority as the encryption algorithm and integrity protection algorithm supported by every one of terminal 1, terminal 2, ... terminal N (S34).
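The negotiation of steps S30 to S34 (the same logic the first aspect describes), written out as an added example; this is not code from the patent. It assumes each terminal's security capability is given as the two EEA/EIA octets of the LTE UE network capability IE, that priorities and the S31 fallback pair come from a local policy, and, as an added defensive check the patent does not state, that the null algorithms EEA0/EIA0 are never selected automatically.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Sequence, Tuple

ENC_NAMES = ["EEA%d" % i for i in range(8)]
INT_NAMES = ["EIA%d" % i for i in range(8)]
NULL_ALGS = frozenset({"EEA0", "EIA0"})   # null algorithms: never selected (added check)

# Local priority policy, highest priority first (assumption; the patent leaves
# how priorities are set to the operator's local policy).
DEFAULT_ENC_PRIORITY = ["EEA2", "EEA3", "EEA1"]
DEFAULT_INT_PRIORITY = ["EIA2", "EIA3", "EIA1"]
# Pair the network side device configures when no common algorithm exists (S31; assumption).
CONFIGURED_PAIR = ("EEA2", "EIA2")


def _bitmap_to_names(octet: int, names: Sequence[str]) -> FrozenSet[str]:
    # bit 7 (MSB) flags algorithm 0, bit 0 flags algorithm 7
    return frozenset(names[i] for i in range(8) if octet & (0x80 >> i))


def parse_capability(octets: bytes) -> Tuple[FrozenSet[str], FrozenSet[str]]:
    """Split one terminal's security capability into (encryption, integrity) algorithm sets."""
    if len(octets) < 2:
        raise ValueError("security capability needs an EEA octet and an EIA octet")
    return _bitmap_to_names(octets[0], ENC_NAMES), _bitmap_to_names(octets[1], INT_NAMES)


@dataclass(frozen=True)
class Negotiation:
    enc: str
    integ: str
    configured: bool              # True when the S31 fallback was used
    common_enc: FrozenSet[str]    # S30: encryption algorithms every terminal supports
    common_integ: FrozenSet[str]  # S30: integrity algorithms every terminal supports


def _pick(common: FrozenSet[str], priority: Sequence[str]) -> Optional[str]:
    """S32-S34: exactly one usable common algorithm -> use it; several -> highest priority."""
    usable = common - NULL_ALGS
    if len(usable) == 1:
        return next(iter(usable))
    for name in priority:
        if name in usable:
            return name
    return None   # nothing usable, or only algorithms outside the policy list


def negotiate(terminal_caps: Dict[str, bytes],
              enc_priority: Sequence[str] = DEFAULT_ENC_PRIORITY,
              int_priority: Sequence[str] = DEFAULT_INT_PRIORITY) -> Negotiation:
    """Negotiate one (encryption, integrity) algorithm pair for all terminals of the group."""
    if not terminal_caps:
        raise ValueError("a group call needs at least one terminal (N >= 1)")
    parsed = [parse_capability(cap) for cap in terminal_caps.values()]
    common_enc = frozenset.intersection(*(enc for enc, _ in parsed))
    common_int = frozenset.intersection(*(integ for _, integ in parsed))
    enc = _pick(common_enc, enc_priority)
    integ = _pick(common_int, int_priority)
    if enc is None or integ is None:
        # S31: no common usable algorithm, so the network configures the pair itself
        enc, integ = CONFIGURED_PAIR
        return Negotiation(enc, integ, True, common_enc, common_int)
    return Negotiation(enc, integ, False, common_enc, common_int)


if __name__ == "__main__":
    # Constructed capabilities: terminals 1 and 3 support EEA0-2 / EIA1-2,
    # terminal 2 supports EEA0, EEA2, EEA3 / EIA2, EIA3.
    group = {"t1": bytes([0xE0, 0x60]), "t2": bytes([0xB0, 0x30]), "t3": bytes([0xE0, 0x60])}
    print(negotiate(group))
```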
Specifically, when terminal 1, terminal 2, ... terminal N need to carry out a group service, each of them first sends a group information update request message to the network side device; after the network side device has received the group information update request message from each of terminal 1, terminal 2, ... terminal N, it sends down a group information update command message, and each of terminal 1, terminal 2, ... terminal N then sends a group information update response message to the network side device. This process may be called the group information update process; it is carried out in the Non-Access Stratum (NAS) of the LTE network, and may also be called the NAS flow. The group information update request message, group information update command message and group information update response message in the NAS flow are collectively called NAS messages. The network side device described in this embodiment can send the group key to each of terminal 1, terminal 2, ... terminal N via a NAS message, so that the group key can be delivered to the terminals securely and reliably.
Further, the specific process in which the network side device sends the group key to each of terminal 1, terminal 2, ... terminal N via a NAS message, and in which terminal 1, terminal 2, ... terminal N receive it, is shown in Fig. 4: the network side device adds an IE carrying the group key to the group information update command message contained in the NAS message, and sends the group information update command message carrying the group key to each of terminal 1, terminal 2, ... terminal N (S40); as stated above, the network side device can send the group key to each of terminal 1, terminal 2, ... terminal N through the group information update command with the added IE. Each of terminal 1, terminal 2, ... terminal N receives the group information update command message carrying the group key (S41).
Specifically, the network side device can add the IE carrying the group key to the group information update command message contained in the NAS message in the manner shown in Fig. 5. In Fig. 5, the network side device adds the IE carrying the group key by adding group information to, deleting group information from, or modifying group information in the group information update command message contained in the NAS message.
In this embodiment, the IE carrying the group key is added by adding group information to, deleting group information from, or modifying group information in the group information update command message, so the dynamic regrouping process that NAS messages already provide can be reused to add the IE carrying the group key, and the group key can be updated in time whenever a group update or a group key update occurs.
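The NAS group information update exchange of Fig. 4 and Fig. 5, with the group key carried in an IE of the update command, as an added example that is not the patent's own code. The message type codes, the IE identifier and the TLV layout are assumptions (the patent fixes no wire format), the group key and group ids are constructed, and the refusal to accept a group key over a NAS message that is not security protected is an added check.

```python
import struct
from typing import Dict, List, Optional, Tuple

# Hypothetical NAS message types and IE identifier (assumption, not from the patent).
MSG_GROUP_INFO_UPDATE_REQUEST = 0x61
MSG_GROUP_INFO_UPDATE_COMMAND = 0x62
MSG_GROUP_INFO_UPDATE_RESPONSE = 0x63
IEI_GROUP_INFO = 0x71
OP_ADD, OP_DELETE, OP_MODIFY = 1, 2, 3   # Fig. 5: add / delete / modify group information
GROUP_KEY_LEN = 16                       # 128-bit group key (assumption)


def build_group_info_ie(op: int, group_id: int, group_key: Optional[bytes] = None) -> bytes:
    """TLV IE: IEI | length | op | group id (16 bit) | group key (add/modify only)."""
    if op not in (OP_ADD, OP_DELETE, OP_MODIFY):
        raise ValueError("unknown group information operation")
    if op == OP_DELETE:
        if group_key is not None:
            raise ValueError("delete carries no group key")
        value = struct.pack("!BH", op, group_id)
    else:
        if group_key is None or len(group_key) != GROUP_KEY_LEN:
            raise ValueError("add/modify needs a %d-byte group key" % GROUP_KEY_LEN)
        value = struct.pack("!BH", op, group_id) + group_key
    return bytes([IEI_GROUP_INFO, len(value)]) + value


def build_update_command(ies: List[bytes]) -> bytes:
    """S40: group information update command carrying the IE(s) with the group key."""
    return bytes([MSG_GROUP_INFO_UPDATE_COMMAND]) + b"".join(ies)


def parse_tlvs(payload: bytes) -> List[Tuple[int, bytes]]:
    """Generic TLV walk; rejects truncated IEs instead of reading past the end."""
    out, pos = [], 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated IE header")
        iei, length = payload[pos], payload[pos + 1]
        if pos + 2 + length > len(payload):
            raise ValueError("IE length exceeds message")
        out.append((iei, payload[pos + 2:pos + 2 + length]))
        pos += 2 + length
    return out


class Terminal:
    """Terminal side (S41): applies the group key IE and answers with a response."""

    def __init__(self) -> None:
        self.group_keys: Dict[int, bytes] = {}

    def request(self) -> bytes:
        return bytes([MSG_GROUP_INFO_UPDATE_REQUEST])

    def handle_command(self, msg: bytes, nas_security_active: bool) -> bytes:
        # Added check: a group key is only accepted from a NAS message that is
        # integrity protected and ciphered under the terminal's NAS security context.
        if not nas_security_active:
            raise PermissionError("group key IE received without NAS security")
        if not msg or msg[0] != MSG_GROUP_INFO_UPDATE_COMMAND:
            raise ValueError("not a group information update command")
        for iei, value in parse_tlvs(msg[1:]):
            if iei != IEI_GROUP_INFO:
                continue        # IEs of other kinds are ignored here
            if len(value) < 3:
                raise ValueError("group information IE too short")
            op, group_id = struct.unpack("!BH", value[:3])
            if op == OP_DELETE:
                self.group_keys.pop(group_id, None)
            elif op in (OP_ADD, OP_MODIFY):
                self.group_keys[group_id] = value[3:]
            else:
                raise ValueError("unknown group information operation")
        return bytes([MSG_GROUP_INFO_UPDATE_RESPONSE])


def run_flow() -> Dict[int, bytes]:
    """Fig. 4 for one terminal: request -> command (group key IE) -> response."""
    key_a = bytes(range(16))          # constructed group keys
    key_b = bytes(range(16, 32))
    term = Terminal()
    assert term.request()[0] == MSG_GROUP_INFO_UPDATE_REQUEST
    cmd = build_update_command([build_group_info_ie(OP_ADD, 0x0101, key_a),
                                build_group_info_ie(OP_ADD, 0x0102, key_b),
                                build_group_info_ie(OP_DELETE, 0x0102)])
    resp = term.handle_command(cmd, nas_security_active=True)
    assert resp[0] == MSG_GROUP_INFO_UPDATE_RESPONSE
    return dict(term.group_keys)
```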
Specifically, the encryption flow in a group call service realized with the encryption method of the above embodiments is shown in Fig. 6 and includes:
S60: each of terminal 1, terminal 2, ... terminal N sends an Attach Request message to the network side device, the Attach Request message carrying the security capability of that terminal.
S61: the network side device determines, according to the security capability, the encryption algorithm capability and the integrity protection algorithm capability of each of terminal 1, terminal 2, ... terminal N.
S62: the network side device negotiates, according to the determined encryption algorithm and integrity protection algorithm capabilities of each terminal, the encryption algorithm and integrity protection algorithm supported by every one of terminal 1, terminal 2, ... terminal N.
S63: the network side device determines the group key according to the negotiated encryption algorithm and integrity protection algorithm.
S64: the network side device sends down a group information update command message carrying an IE with the group key.
S65: each of terminal 1, terminal 2, ... terminal N receives the group information update command message carrying the IE with the group key, and encrypts air-interface signaling and data services according to the group key.
In this embodiment, the network side device negotiates, according to the encryption algorithm and integrity protection algorithm capability of each terminal in the group call service, an encryption algorithm and an integrity protection algorithm supported by every terminal in the group call service, and can then determine the group key from that algorithm pair, which solves the problem that no key can be produced in a trunking group call service. Each of terminal 1, terminal 2, ... terminal N encrypts air-interface signaling and data services according to the group key, realizing the encryption of air-interface signaling and data services in the group call service.
Based on the encryption method of the above embodiments, an embodiment of the present invention provides a network side device that can be applied in a group call service. Fig. 7 shows a schematic structural diagram of the network side device provided by this embodiment; as shown in Fig. 7, the device includes a processing unit 71 and a sending unit 72, where:
processing unit 71 is configured to determine a group key according to the encryption algorithm and integrity protection algorithm capability of each terminal in a group call service, where the group key is used to encrypt air-interface signaling and air-interface data when each terminal in the group call service carries out the group call service;
sending unit 72 is configured to send the group key determined by processing unit 71 to each terminal in the group call service.
Further, as shown in Fig. 8, the network side device also includes an acquiring unit 73, configured to obtain the security capability carried in the Attach Request message sent by each terminal in the group call service.
Specifically, processing unit 71 is configured to: determine, according to the security capability obtained by acquiring unit 73, the encryption algorithm and integrity protection algorithm capability of each terminal in the group call service; negotiate, according to the determined encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, the encryption algorithm and integrity protection algorithm supported by every terminal in the group call service; and determine the group key according to the negotiated encryption algorithm and integrity protection algorithm.
The negotiation process carried out by processing unit 71 is as follows:
if it is determined that at least one common encryption algorithm and integrity protection algorithm exists among the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, one encryption algorithm and integrity protection algorithm from the at least one common encryption algorithm and integrity protection algorithm is taken as the encryption algorithm and integrity protection algorithm supported by every terminal in the group call service;
if it is determined that no common encryption algorithm and integrity protection algorithm exists among the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, an encryption algorithm and integrity protection algorithm to be supported by every terminal in the group call service is configured.
Processing unit 71 is specifically configured to:
if it is determined that at least two common encryption algorithms and integrity protection algorithms exist among the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, select, according to the priority of the at least two common encryption algorithms and integrity protection algorithms, the encryption algorithm and integrity protection algorithm with the highest priority as the encryption algorithm and integrity protection algorithm supported by every terminal in the group call service.
Specifically, sending unit 72 is configured to send the group key to each terminal in the group call service via a NAS message.
Sending unit 72 is configured to add an IE carrying the group key to the group information update command message contained in the NAS message, and to send the group key to each terminal in the group call service through the group information update command with the added IE.
Specifically, sending unit 72 is configured to add the IE carrying the group key by adding group information to, deleting group information from, or modifying group information in the group information update command message contained in the NAS message, and to send the group key to each terminal in the group call service.
The network side device of this embodiment may be an independent component or may be integrated in another component; for example, the network side device provided by this embodiment may be an independent device in the LTE network, or may be integrated with a component inside the core network.
It should be noted that the implementation of the functions of the units of the network side device in this embodiment, and the way they interact, may refer to the description of the related method embodiments and are not repeated here.
An embodiment of the present invention also provides a terminal. Fig. 9 is a schematic structural diagram of the terminal provided in the embodiment. As shown in Fig. 9, the terminal includes a receiving unit 81 and an encryption unit 82, wherein:
the receiving unit 81 is configured to receive a group key sent by the network side equipment, the group key being used to encrypt air interface signalling and air interface data when the terminal carries out a group call service;
the encryption unit 82 is configured to encrypt air interface signalling and data services according to the group key received by the receiving unit 81.
Specifically, the receiving unit 81 is configured to:
receive, via a non-access stratum (NAS) message, the group key sent by the network side equipment.
Further, the receiving unit is configured to:
receive, via the group information update command message included in the NAS message, the group key sent by the network side equipment, the group information update command message including an information element carrying the group key.
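How the group key information element could be carried in the group information update command and handled on the terminal side, as an added example (not code from the patent): the command is modelled as a sequence of type-length-value information elements. The tags, the operation codes and the 16-byte key length are assumptions made for this example, and the command is assumed to travel inside a NAS message that the NAS security context already integrity-protects and ciphers, so no protection is added here. The terminal parser rejects truncated, duplicate or malformed elements and installs a key only when the command adds or modifies a group.

```python
"""Group information update command carrying a group key IE (added example).

The IE tags, operation codes and layout are assumptions for this example;
the patent only states that an information element carrying the group key
is added to the group information update command inside a NAS message.
"""
import struct

IE_GROUP_ID = 0x01      # assumed tag: 4-byte group identifier
IE_OPERATION = 0x02     # assumed tag: 1-byte operation code
IE_GROUP_KEY = 0x7A     # assumed tag: the added group key IE
OP_ADD, OP_DELETE, OP_MODIFY = 1, 2, 3
GROUP_KEY_LEN = 16      # assumed: 128-bit group key


def _tlv(tag: int, value: bytes) -> bytes:
    """Encode one type-length-value information element (1-byte length)."""
    if len(value) > 255:
        raise ValueError("IE value too long for a 1-byte length")
    return bytes([tag, len(value)]) + value


def build_group_info_update(group_id: int, operation: int, group_key: bytes = None) -> bytes:
    """Network side: assemble the command, adding the group key IE when a key is given."""
    if operation not in (OP_ADD, OP_DELETE, OP_MODIFY):
        raise ValueError("unknown operation")
    body = _tlv(IE_GROUP_ID, struct.pack(">I", group_id)) + _tlv(IE_OPERATION, bytes([operation]))
    if group_key is not None:
        if len(group_key) != GROUP_KEY_LEN:
            raise ValueError("group key must be %d bytes" % GROUP_KEY_LEN)
        body += _tlv(IE_GROUP_KEY, group_key)
    return body


def parse_ies(msg: bytes) -> dict:
    """Terminal side: split the command into IEs, rejecting malformed input."""
    ies = {}
    pos = 0
    while pos < len(msg):
        if pos + 2 > len(msg):
            raise ValueError("truncated IE header")
        tag, length = msg[pos], msg[pos + 1]
        value = msg[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated IE value")
        if tag in ies:
            raise ValueError("duplicate IE 0x%02x" % tag)
        ies[tag] = value
        pos += 2 + length
    return ies


def terminal_handle(key_store: dict, msg: bytes) -> int:
    """Apply the command to the terminal's per-group key store; return the group id."""
    ies = parse_ies(msg)
    try:
        group_id = struct.unpack(">I", ies[IE_GROUP_ID])[0]
        operation = ies[IE_OPERATION][0]
    except (KeyError, struct.error, IndexError):
        raise ValueError("mandatory IE missing or malformed")
    if operation == OP_DELETE:
        key_store.pop(group_id, None)   # the key leaves with the group
        return group_id
    if operation not in (OP_ADD, OP_MODIFY):
        raise ValueError("unknown operation")
    key = ies.get(IE_GROUP_KEY)
    if key is None or len(key) != GROUP_KEY_LEN:
        raise ValueError("group key IE missing or wrong length")
    key_store[group_id] = key
    return group_id


# Constructed sample key (not a real key value).
SAMPLE_KEY = bytes(range(16))

if __name__ == "__main__":
    store = {}
    terminal_handle(store, build_group_info_update(42, OP_ADD, SAMPLE_KEY))
    print(store)
```

Keeping the key store keyed by group identifier lets a delete command remove the key together with the group membership, so a terminal that has left a group cannot keep decrypting its traffic with a stale key.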
It can be understood that the terminal of this embodiment can be used to implement all the functions involved in the above method embodiments; for its specific implementation, reference may be made to the related description of the method embodiments, which is not repeated here.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include these changes and modifications.

Claims (20)

1. An encryption method, characterized in that the method comprises:
a network side equipment determining a group key according to the encryption algorithm capability and integrity protection algorithm capability of each terminal in a group call service, the group key being used to encrypt air interface signalling and air interface data when each terminal in the group call service carries out the group call service;
the network side equipment sending the group key to each terminal in the group call service.
2. The method according to claim 1, characterized in that the network side equipment determining the group key according to the encryption algorithm capability and integrity protection algorithm capability of each terminal in the group call service comprises:
the network side equipment obtaining the security capability carried in the Attach Request message sent by each terminal in the group call service;
the network side equipment determining, according to the security capability, the encryption algorithm and integrity protection algorithm capability of each terminal in the group call service;
the network side equipment negotiating, according to the determined encryption algorithm and integrity protection algorithm capability of each terminal in the group call service, the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service;
the network side equipment determining the group key according to the negotiated encryption algorithm and integrity protection algorithm.
3. The method according to claim 2, characterized in that the network side equipment negotiating, according to the encryption algorithm and integrity protection algorithm capability of each terminal in the group call service, the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service comprises:
if it is determined that at least one common encryption algorithm and integrity protection algorithm exists in the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, the network side equipment taking one encryption algorithm and integrity protection algorithm among the at least one common encryption algorithm and integrity protection algorithm as the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service;
if it is determined that no common encryption algorithm and integrity protection algorithm exists in the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, the network side equipment configuring the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service.
4. The method according to claim 3, characterized in that, when at least two common encryption algorithms and integrity protection algorithms exist in the determined encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, the network side equipment taking one encryption algorithm and integrity protection algorithm among the at least two common encryption algorithms and integrity protection algorithms as the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service comprises:
the network side equipment selecting, according to the priorities of the at least two common encryption algorithms and integrity protection algorithms, the encryption algorithm and integrity protection algorithm with the highest priority level as the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service.
5. The method according to any one of claims 1 to 4, characterized in that the network side equipment sending the group key to each terminal in the group call service comprises:
the network side equipment sending the group key to each terminal in the group call service via a non-access stratum (NAS) message.
6. The method according to any one of claims 1 to 5, characterized in that the network side equipment sending the group key to each terminal in the group call service comprises:
the network side equipment adding, to the group information update command message included in a non-access stratum (NAS) message, an information element carrying the group key, and sending the group key to each terminal in the group call service through the group information update command to which the information element is added.
7. The method according to claim 6, characterized in that the network side equipment adding, to the group information update command message included in the NAS message, the information element carrying the group key comprises:
the network side equipment adding the information element carrying the group key when adding group information, deleting group information or modifying group information in the group information update command message included in the NAS message.
8. An encryption method, characterized in that the method comprises:
a terminal receiving a group key sent by a network side equipment, the group key being used to encrypt air interface signalling and air interface data when the terminal carries out a group call service;
the terminal encrypting air interface signalling and data services according to the group key.
9. The method according to claim 8, characterized in that the terminal receiving the group key sent by the network side equipment comprises:
the terminal receiving, via a non-access stratum (NAS) message, the group key sent by the network side equipment.
10. The method according to claim 8 or 9, characterized in that the terminal receiving the group key sent by the network side equipment comprises:
the terminal receiving, via the group information update command message included in a NAS message, the group key sent by the network side equipment, the group information update command message including an information element carrying the group key.
11. A network side equipment, characterized in that it comprises:
a processing unit, configured to determine a group key according to the encryption algorithm capability and integrity protection algorithm capability of each terminal in a group call service, the group key being used to encrypt air interface signalling and air interface data when each terminal in the group call service carries out the group call service;
a sending unit, configured to send the group key determined by the processing unit to each terminal in the group call service.
12. The network side equipment according to claim 11, characterized in that the network side equipment further comprises an acquiring unit,
the acquiring unit being configured to obtain the security capability carried in the Attach Request message sent by each terminal in the group call service;
the processing unit being specifically configured to determine the group key according to the encryption algorithm and integrity protection algorithm capability of each terminal in the group call service as follows:
determining, according to the security capability obtained by the acquiring unit, the encryption algorithm and integrity protection algorithm capability of each terminal in the group call service;
negotiating, according to the determined encryption algorithm and integrity protection algorithm capability of each terminal in the group call service, the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service;
determining the group key according to the negotiated encryption algorithm and integrity protection algorithm.
13. The network side equipment according to claim 12, characterized in that the processing unit is specifically configured to negotiate, according to the encryption algorithm and integrity protection algorithm capability of each terminal in the group call service, the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service as follows:
if it is determined that at least one common encryption algorithm and integrity protection algorithm exists in the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, taking one encryption algorithm and integrity protection algorithm among the at least one common encryption algorithm and integrity protection algorithm as the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service;
if it is determined that no common encryption algorithm and integrity protection algorithm exists in the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, configuring the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service.
14. The network side equipment according to claim 13, characterized in that the processing unit is specifically configured to take one encryption algorithm and integrity protection algorithm among the at least one common encryption algorithm and integrity protection algorithm as the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service as follows:
if it is determined that at least two common encryption algorithms and integrity protection algorithms exist in the encryption algorithm and integrity protection algorithm capabilities of the terminals in the group call service, selecting, according to the priorities of the at least two common encryption algorithms and integrity protection algorithms, the encryption algorithm and integrity protection algorithm with the highest priority level as the encryption algorithm and integrity protection algorithm supported by all terminals in the group call service.
15. The network side equipment according to any one of claims 11 to 14, characterized in that the sending unit is specifically configured to send the group key to each terminal in the group call service as follows:
sending the group key to each terminal in the group call service via a non-access stratum (NAS) message.
16. The network side equipment according to any one of claims 11 to 15, characterized in that the sending unit is specifically configured to send the group key to each terminal in the group call service as follows:
adding, to the group information update command message included in a non-access stratum (NAS) message, an information element carrying the group key, and sending the group key to each terminal in the group call service through the group information update command to which the information element is added.
17. The network side equipment according to claim 16, characterized in that the sending unit is specifically configured to add, to the group information update command message included in the NAS message, the information element carrying the group key as follows:
adding the information element carrying the group key when adding group information, deleting group information or modifying group information in the group information update command message included in the NAS message.
18. A terminal, characterized in that it comprises:
a receiving unit, configured to receive a group key sent by a network side equipment, the group key being used to encrypt air interface signalling and air interface data when the terminal carries out a group call service;
an encryption unit, configured to encrypt air interface signalling and data services according to the group key received by the receiving unit.
19. The terminal according to claim 18, characterized in that the receiving unit is specifically configured to receive the group key sent by the network side equipment as follows:
receiving, via a non-access stratum (NAS) message, the group key sent by the network side equipment.
20. The terminal according to claim 18 or 19, characterized in that the receiving unit is specifically configured to receive the group key sent by the network side equipment as follows:
receiving, via the group information update command message included in a NAS message, the group key sent by the network side equipment, the group information update command message including an information element carrying the group key.
CN201610672046.7A 2016-08-15 2016-08-15 Encryption method, network side equipment and terminal Active CN107770769B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610672046.7A CN107770769B (en) 2016-08-15 2016-08-15 Encryption method, network side equipment and terminal

Publications (2)

Publication Number Publication Date
CN107770769A true CN107770769A (en) 2018-03-06
CN107770769B CN107770769B (en) 2020-05-12

Family

ID=61260976

Country Status (1)

Country Link
CN (1) CN107770769B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112954610A (en) * 2019-11-22 2021-06-11 成都鼎桥通信技术有限公司 Group signaling transmission method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103369523A (en) * 2013-07-18 2013-10-23 成都鼎桥通信技术有限公司 Method for improving cluster downlink safety
CN103813272A (en) * 2012-11-14 2014-05-21 普天信息技术研究院有限公司 Cluster group calling downlink transmission method
CN104010276A (en) * 2013-02-27 2014-08-27 中兴通讯股份有限公司 Group key hierarchical management method and system for broadband cluster system, and terminal
CN105451195A (en) * 2014-07-25 2016-03-30 成都鼎桥通信技术有限公司 End-to-end cluster key distribution method and core network equipment (eCN)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant